Xxc385

**Name of the Vulnerable Software and Affected Versions** RapidCMS version 1.3.1 **Description** A SQL injection issue was found in the `username` parameter at the "/resource/runlogin.php" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For RapidCMS version 1.3.1, as a temporary workaround, consider restricting access to the `/resource/runlogin.php` endpoint until a patch is available. Avoid using the `username` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** RapidCMS version 1.3.1 **Description** A SQL injection issue was discovered via the `articleid` parameter at the "/default/article.php" API endpoint. This allows for potential exploitation. **Recommendations** For RapidCMS version 1.3.1, consider restricting access to the "/default/article.php" API endpoint until a patch is available. As a temporary workaround, avoid using the `articleid` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: RapidCMS version 1.3.1 Description: A SQL injection issue was discovered in RapidCMS, which occurs via the `password` parameter at the "/resource/runlogin.php" API endpoint. This allows for potential exploitation of the system. Recommendations: For RapidCMS version 1.3.1, as a temporary workaround, consider restricting access to the "/resource/runlogin.php" API endpoint until a patch is available. Avoid using the `password` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.